approle

package
v6.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 4, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackendLogin 

type AuthBackendLogin struct {
	pulumi.CustomResourceState

	// The accessor for the token.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// The unique path of the Vault backend to log in with.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The Vault token created.
	ClientToken pulumi.StringOutput `pulumi:"clientToken"`
	// How long the token is valid for, in seconds.
	LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"`
	// The date and time the lease started, in RFC 3339 format.
	LeaseStarted pulumi.StringOutput `pulumi:"leaseStarted"`
	// The metadata associated with the token.
	Metadata pulumi.StringMapOutput `pulumi:"metadata"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// A list of policies applied to the token.
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Whether the token is renewable or not.
	Renewable pulumi.BoolOutput `pulumi:"renewable"`
	// The ID of the role to log in with.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// The secret ID of the role to log in with. Required
	// unless `bindSecretId` is set to false on the role.
	SecretId pulumi.StringPtrOutput `pulumi:"secretId"`
}

Logs into Vault using the AppRole auth backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}
		example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
			Backend:  approle.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		id, err := appRole.NewAuthBackendRoleSecretId(ctx, "id", &appRole.AuthBackendRoleSecretIdArgs{
			Backend:  approle.Path,
			RoleName: example.RoleName,
		})
		if err != nil {
			return err
		}
		_, err = appRole.NewAuthBackendLogin(ctx, "login", &appRole.AuthBackendLoginArgs{
			Backend:  approle.Path,
			RoleId:   example.RoleId,
			SecretId: id.SecretId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

func GetAuthBackendLogin 

func GetAuthBackendLogin(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)

GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendLogin 

func NewAuthBackendLogin(ctx *pulumi.Context,
	name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)

NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendLogin) ElementType 

func (*AuthBackendLogin) ElementType() reflect.Type

func (*AuthBackendLogin) ToAuthBackendLoginOutput 

func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput

func (*AuthBackendLogin) ToAuthBackendLoginOutputWithContext 

func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput

type AuthBackendLoginArgs 

type AuthBackendLoginArgs struct {
	// The unique path of the Vault backend to log in with.
	Backend pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The ID of the role to log in with.
	RoleId pulumi.StringInput
	// The secret ID of the role to log in with. Required
	// unless `bindSecretId` is set to false on the role.
	SecretId pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendLogin resource.

func (AuthBackendLoginArgs) ElementType 

func (AuthBackendLoginArgs) ElementType() reflect.Type

type AuthBackendLoginArray 

type AuthBackendLoginArray []AuthBackendLoginInput

func (AuthBackendLoginArray) ElementType 

func (AuthBackendLoginArray) ElementType() reflect.Type

func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutput 

func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput

func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext 

func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput

type AuthBackendLoginArrayInput 

type AuthBackendLoginArrayInput interface {
	pulumi.Input

	ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
	ToAuthBackendLoginArrayOutputWithContext(context.Context) AuthBackendLoginArrayOutput
}

AuthBackendLoginArrayInput is an input type that accepts AuthBackendLoginArray and AuthBackendLoginArrayOutput values. You can construct a concrete instance of `AuthBackendLoginArrayInput` via: 

AuthBackendLoginArray{ AuthBackendLoginArgs{...} }

type AuthBackendLoginArrayOutput 

type AuthBackendLoginArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginArrayOutput) ElementType 

func (AuthBackendLoginArrayOutput) ElementType() reflect.Type

func (AuthBackendLoginArrayOutput) Index 

func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput

func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput 

func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput

func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext 

func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput

type AuthBackendLoginInput 

type AuthBackendLoginInput interface {
	pulumi.Input

	ToAuthBackendLoginOutput() AuthBackendLoginOutput
	ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
}

type AuthBackendLoginMap 

type AuthBackendLoginMap map[string]AuthBackendLoginInput

func (AuthBackendLoginMap) ElementType 

func (AuthBackendLoginMap) ElementType() reflect.Type

func (AuthBackendLoginMap) ToAuthBackendLoginMapOutput 

func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput

func (AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext 

func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput

type AuthBackendLoginMapInput 

type AuthBackendLoginMapInput interface {
	pulumi.Input

	ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
	ToAuthBackendLoginMapOutputWithContext(context.Context) AuthBackendLoginMapOutput
}

AuthBackendLoginMapInput is an input type that accepts AuthBackendLoginMap and AuthBackendLoginMapOutput values. You can construct a concrete instance of `AuthBackendLoginMapInput` via: 

AuthBackendLoginMap{ "key": AuthBackendLoginArgs{...} }

type AuthBackendLoginMapOutput 

type AuthBackendLoginMapOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginMapOutput) ElementType 

func (AuthBackendLoginMapOutput) ElementType() reflect.Type

func (AuthBackendLoginMapOutput) MapIndex 

func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput

func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput 

func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput

func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext 

func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput

type AuthBackendLoginOutput 

type AuthBackendLoginOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginOutput) Accessor 

func (o AuthBackendLoginOutput) Accessor() pulumi.StringOutput

The accessor for the token.

func (AuthBackendLoginOutput) Backend 

func (o AuthBackendLoginOutput) Backend() pulumi.StringPtrOutput

The unique path of the Vault backend to log in with.

func (AuthBackendLoginOutput) ClientToken 

func (o AuthBackendLoginOutput) ClientToken() pulumi.StringOutput

The Vault token created.

func (AuthBackendLoginOutput) ElementType 

func (AuthBackendLoginOutput) ElementType() reflect.Type

func (AuthBackendLoginOutput) LeaseDuration 

func (o AuthBackendLoginOutput) LeaseDuration() pulumi.IntOutput

How long the token is valid for, in seconds.

func (AuthBackendLoginOutput) LeaseStarted 

func (o AuthBackendLoginOutput) LeaseStarted() pulumi.StringOutput

The date and time the lease started, in RFC 3339 format.

func (AuthBackendLoginOutput) Metadata 

func (o AuthBackendLoginOutput) Metadata() pulumi.StringMapOutput

The metadata associated with the token.

func (AuthBackendLoginOutput) Namespace 

func (o AuthBackendLoginOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendLoginOutput) Policies 

func (o AuthBackendLoginOutput) Policies() pulumi.StringArrayOutput

A list of policies applied to the token.

func (AuthBackendLoginOutput) Renewable 

func (o AuthBackendLoginOutput) Renewable() pulumi.BoolOutput

Whether the token is renewable or not.

func (AuthBackendLoginOutput) RoleId 

func (o AuthBackendLoginOutput) RoleId() pulumi.StringOutput

The ID of the role to log in with.

func (AuthBackendLoginOutput) SecretId 

func (o AuthBackendLoginOutput) SecretId() pulumi.StringPtrOutput

The secret ID of the role to log in with. Required unless `bindSecretId` is set to false on the role.

func (AuthBackendLoginOutput) ToAuthBackendLoginOutput 

func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput

func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext 

func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput

type AuthBackendLoginState 

type AuthBackendLoginState struct {
	// The accessor for the token.
	Accessor pulumi.StringPtrInput
	// The unique path of the Vault backend to log in with.
	Backend pulumi.StringPtrInput
	// The Vault token created.
	ClientToken pulumi.StringPtrInput
	// How long the token is valid for, in seconds.
	LeaseDuration pulumi.IntPtrInput
	// The date and time the lease started, in RFC 3339 format.
	LeaseStarted pulumi.StringPtrInput
	// The metadata associated with the token.
	Metadata pulumi.StringMapInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// A list of policies applied to the token.
	Policies pulumi.StringArrayInput
	// Whether the token is renewable or not.
	Renewable pulumi.BoolPtrInput
	// The ID of the role to log in with.
	RoleId pulumi.StringPtrInput
	// The secret ID of the role to log in with. Required
	// unless `bindSecretId` is set to false on the role.
	SecretId pulumi.StringPtrInput
}

func (AuthBackendLoginState) ElementType 

func (AuthBackendLoginState) ElementType() reflect.Type

type AuthBackendRole 

type AuthBackendRole struct {
	pulumi.CustomResourceState

	// The unique name of the auth backend to configure.
	// Defaults to `approle`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Whether or not to require `secretId` to be
	// presented when logging in using this AppRole. Defaults to `true`.
	BindSecretId pulumi.BoolPtrOutput `pulumi:"bindSecretId"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The RoleID of this role. If not specified, one will be
	// auto-generated.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// The name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// If set,
	// specifies blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs pulumi.StringArrayOutput `pulumi:"secretIdBoundCidrs"`
	// The number of times any particular SecretID
	// can be used to fetch a token from this AppRole, after which the SecretID will
	// expire. A value of zero will allow unlimited uses.
	SecretIdNumUses pulumi.IntPtrOutput `pulumi:"secretIdNumUses"`
	// The number of seconds after which any SecretID
	// expires.
	SecretIdTtl pulumi.IntPtrOutput `pulumi:"secretIdTtl"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}

Manages an AppRole auth backend role in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}
		_, err = appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
			Backend:  approle.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

AppRole authentication backend roles can be imported using the `path`, e.g.

```sh $ pulumi import vault:appRole/authBackendRole:AuthBackendRole example auth/approle/role/test-role ```

func GetAuthBackendRole 

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole 

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType 

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput 

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

type AuthBackendRoleArgs 

type AuthBackendRoleArgs struct {
	// The unique name of the auth backend to configure.
	// Defaults to `approle`.
	Backend pulumi.StringPtrInput
	// Whether or not to require `secretId` to be
	// presented when logging in using this AppRole. Defaults to `true`.
	BindSecretId pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The RoleID of this role. If not specified, one will be
	// auto-generated.
	RoleId pulumi.StringPtrInput
	// The name of the role.
	RoleName pulumi.StringInput
	// If set,
	// specifies blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs pulumi.StringArrayInput
	// The number of times any particular SecretID
	// can be used to fetch a token from this AppRole, after which the SecretID will
	// expire. A value of zero will allow unlimited uses.
	SecretIdNumUses pulumi.IntPtrInput
	// The number of seconds after which any SecretID
	// expires.
	SecretIdTtl pulumi.IntPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType 

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray 

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType 

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput 

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via: 

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput 

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType 

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index 

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput 

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap 

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType 

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput 

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via: 

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput 

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType 

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex 

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput 

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) Backend 

func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput

The unique name of the auth backend to configure. Defaults to `approle`.

func (AuthBackendRoleOutput) BindSecretId 

func (o AuthBackendRoleOutput) BindSecretId() pulumi.BoolPtrOutput

Whether or not to require `secretId` to be presented when logging in using this AppRole. Defaults to `true`.

func (AuthBackendRoleOutput) ElementType 

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) Namespace 

func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleOutput) RoleId 

func (o AuthBackendRoleOutput) RoleId() pulumi.StringOutput

The RoleID of this role. If not specified, one will be auto-generated.

func (AuthBackendRoleOutput) RoleName 

func (o AuthBackendRoleOutput) RoleName() pulumi.StringOutput

The name of the role.

func (AuthBackendRoleOutput) SecretIdBoundCidrs 

func (o AuthBackendRoleOutput) SecretIdBoundCidrs() pulumi.StringArrayOutput

If set, specifies blocks of IP addresses which can perform the login operation.

func (AuthBackendRoleOutput) SecretIdNumUses 

func (o AuthBackendRoleOutput) SecretIdNumUses() pulumi.IntPtrOutput

The number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses.

func (AuthBackendRoleOutput) SecretIdTtl 

func (o AuthBackendRoleOutput) SecretIdTtl() pulumi.IntPtrOutput

The number of seconds after which any SecretID expires.

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) TokenBoundCidrs 

func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput

List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.

func (AuthBackendRoleOutput) TokenExplicitMaxTtl 

func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

If set, will encode an [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls) onto the token in number of seconds. This is a hard cap even if `tokenTtl` and `tokenMaxTtl` would otherwise allow a renewal.

func (AuthBackendRoleOutput) TokenMaxTtl 

func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendRoleOutput) TokenNoDefaultPolicy 

func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.

func (AuthBackendRoleOutput) TokenNumUses 

func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput

The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses) of times a generated token may be used (within its lifetime); 0 means unlimited.

func (AuthBackendRoleOutput) TokenPeriod 

func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput

If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. Specified in seconds.

func (AuthBackendRoleOutput) TokenPolicies 

func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput

List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.

func (AuthBackendRoleOutput) TokenTtl 

func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput

The incremental lifetime for generated tokens in number of seconds. Its current value will be referenced at renewal time.

func (AuthBackendRoleOutput) TokenType 

func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput

The type of token that should be generated. Can be `service`, `batch`, or `default` to use the mount's tuned default (which unless changed will be `service` tokens). For token store roles, there are two additional possibilities: `default-service` and `default-batch` which specify the type to return unless the client requests a different type at generation time.

type AuthBackendRoleSecretId 

type AuthBackendRoleSecretId struct {
	pulumi.CustomResourceState

	// The unique ID for this SecretID that can be safely logged.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, specifies blocks of IP addresses which can
	// perform the login operation using this SecretID.
	CidrLists pulumi.StringArrayOutput `pulumi:"cidrLists"`
	// A JSON-encoded string containing metadata in
	// key-value pairs to be set on tokens issued with this SecretID.
	Metadata pulumi.StringPtrOutput `pulumi:"metadata"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The name of the role to create the SecretID for.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
	// The SecretID to be created. If set, uses "Push"
	// mode.  Defaults to Vault auto-generating SecretIDs.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// Set to `true` to use the wrapped secret-id accessor as the resource ID.
	// If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
	// invalidated through unwrapping.
	WithWrappedAccessor pulumi.BoolPtrOutput `pulumi:"withWrappedAccessor"`
	// The unique ID for the response-wrapped SecretID that can
	// be safely logged.
	WrappingAccessor pulumi.StringOutput `pulumi:"wrappingAccessor"`
	// The token used to retrieve a response-wrapped SecretID.
	WrappingToken pulumi.StringOutput `pulumi:"wrappingToken"`
	// If set, the SecretID response will be
	// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
	// and available for the duration specified. Only a single unwrapping of the
	// token is allowed.
	WrappingTtl pulumi.StringPtrOutput `pulumi:"wrappingTtl"`
}

Manages an AppRole auth backend SecretID in a Vault server. See the [Vault documentation](https://www.vaultproject.io/docs/auth/approle) for more information.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"encoding/json"

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		approle, err := vault.NewAuthBackend(ctx, "approle", &vault.AuthBackendArgs{
			Type: pulumi.String("approle"),
		})
		if err != nil {
			return err
		}
		example, err := appRole.NewAuthBackendRole(ctx, "example", &appRole.AuthBackendRoleArgs{
			Backend:  approle.Path,
			RoleName: pulumi.String("test-role"),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"hello": "world",
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		_, err = appRole.NewAuthBackendRoleSecretId(ctx, "id", &appRole.AuthBackendRoleSecretIdArgs{
			Backend:  approle.Path,
			RoleName: example.RoleName,
			Metadata: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

func GetAuthBackendRoleSecretId 

func GetAuthBackendRoleSecretId(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleSecretIdState, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretId, error)

GetAuthBackendRoleSecretId gets an existing AuthBackendRoleSecretId resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRoleSecretId 

func NewAuthBackendRoleSecretId(ctx *pulumi.Context,
	name string, args *AuthBackendRoleSecretIdArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleSecretId, error)

NewAuthBackendRoleSecretId registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRoleSecretId) ElementType 

func (*AuthBackendRoleSecretId) ElementType() reflect.Type

func (*AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutput 

func (i *AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput

func (*AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutputWithContext 

func (i *AuthBackendRoleSecretId) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput

type AuthBackendRoleSecretIdArgs 

type AuthBackendRoleSecretIdArgs struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, specifies blocks of IP addresses which can
	// perform the login operation using this SecretID.
	CidrLists pulumi.StringArrayInput
	// A JSON-encoded string containing metadata in
	// key-value pairs to be set on tokens issued with this SecretID.
	Metadata pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name of the role to create the SecretID for.
	RoleName pulumi.StringInput
	// The SecretID to be created. If set, uses "Push"
	// mode.  Defaults to Vault auto-generating SecretIDs.
	SecretId pulumi.StringPtrInput
	// Set to `true` to use the wrapped secret-id accessor as the resource ID.
	// If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
	// invalidated through unwrapping.
	WithWrappedAccessor pulumi.BoolPtrInput
	// If set, the SecretID response will be
	// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
	// and available for the duration specified. Only a single unwrapping of the
	// token is allowed.
	WrappingTtl pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendRoleSecretId resource.

func (AuthBackendRoleSecretIdArgs) ElementType 

func (AuthBackendRoleSecretIdArgs) ElementType() reflect.Type

type AuthBackendRoleSecretIdArray 

type AuthBackendRoleSecretIdArray []AuthBackendRoleSecretIdInput

func (AuthBackendRoleSecretIdArray) ElementType 

func (AuthBackendRoleSecretIdArray) ElementType() reflect.Type

func (AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput 

func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput

func (AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext 

func (i AuthBackendRoleSecretIdArray) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput

type AuthBackendRoleSecretIdArrayInput 

type AuthBackendRoleSecretIdArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput
	ToAuthBackendRoleSecretIdArrayOutputWithContext(context.Context) AuthBackendRoleSecretIdArrayOutput
}

AuthBackendRoleSecretIdArrayInput is an input type that accepts AuthBackendRoleSecretIdArray and AuthBackendRoleSecretIdArrayOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIdArrayInput` via: 

AuthBackendRoleSecretIdArray{ AuthBackendRoleSecretIdArgs{...} }

type AuthBackendRoleSecretIdArrayOutput 

type AuthBackendRoleSecretIdArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleSecretIdArrayOutput) ElementType 

func (AuthBackendRoleSecretIdArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleSecretIdArrayOutput) Index 

func (o AuthBackendRoleSecretIdArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleSecretIdOutput

func (AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput 

func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutput() AuthBackendRoleSecretIdArrayOutput

func (AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext 

func (o AuthBackendRoleSecretIdArrayOutput) ToAuthBackendRoleSecretIdArrayOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdArrayOutput

type AuthBackendRoleSecretIdInput 

type AuthBackendRoleSecretIdInput interface {
	pulumi.Input

	ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput
	ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput
}

type AuthBackendRoleSecretIdMap 

type AuthBackendRoleSecretIdMap map[string]AuthBackendRoleSecretIdInput

func (AuthBackendRoleSecretIdMap) ElementType 

func (AuthBackendRoleSecretIdMap) ElementType() reflect.Type

func (AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput 

func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput

func (AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext 

func (i AuthBackendRoleSecretIdMap) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput

type AuthBackendRoleSecretIdMapInput 

type AuthBackendRoleSecretIdMapInput interface {
	pulumi.Input

	ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput
	ToAuthBackendRoleSecretIdMapOutputWithContext(context.Context) AuthBackendRoleSecretIdMapOutput
}

AuthBackendRoleSecretIdMapInput is an input type that accepts AuthBackendRoleSecretIdMap and AuthBackendRoleSecretIdMapOutput values. You can construct a concrete instance of `AuthBackendRoleSecretIdMapInput` via: 

AuthBackendRoleSecretIdMap{ "key": AuthBackendRoleSecretIdArgs{...} }

type AuthBackendRoleSecretIdMapOutput 

type AuthBackendRoleSecretIdMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleSecretIdMapOutput) ElementType 

func (AuthBackendRoleSecretIdMapOutput) ElementType() reflect.Type

func (AuthBackendRoleSecretIdMapOutput) MapIndex 

func (o AuthBackendRoleSecretIdMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleSecretIdOutput

func (AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput 

func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutput() AuthBackendRoleSecretIdMapOutput

func (AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext 

func (o AuthBackendRoleSecretIdMapOutput) ToAuthBackendRoleSecretIdMapOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdMapOutput

type AuthBackendRoleSecretIdOutput 

type AuthBackendRoleSecretIdOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleSecretIdOutput) Accessor 

func (o AuthBackendRoleSecretIdOutput) Accessor() pulumi.StringOutput

The unique ID for this SecretID that can be safely logged.

func (AuthBackendRoleSecretIdOutput) Backend 

func (o AuthBackendRoleSecretIdOutput) Backend() pulumi.StringPtrOutput

Unique name of the auth backend to configure.

func (AuthBackendRoleSecretIdOutput) CidrLists 

func (o AuthBackendRoleSecretIdOutput) CidrLists() pulumi.StringArrayOutput

If set, specifies blocks of IP addresses which can perform the login operation using this SecretID.

func (AuthBackendRoleSecretIdOutput) ElementType 

func (AuthBackendRoleSecretIdOutput) ElementType() reflect.Type

func (AuthBackendRoleSecretIdOutput) Metadata 

func (o AuthBackendRoleSecretIdOutput) Metadata() pulumi.StringPtrOutput

A JSON-encoded string containing metadata in key-value pairs to be set on tokens issued with this SecretID.

func (AuthBackendRoleSecretIdOutput) Namespace 

func (o AuthBackendRoleSecretIdOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleSecretIdOutput) RoleName 

func (o AuthBackendRoleSecretIdOutput) RoleName() pulumi.StringOutput

The name of the role to create the SecretID for.

func (AuthBackendRoleSecretIdOutput) SecretId 

func (o AuthBackendRoleSecretIdOutput) SecretId() pulumi.StringOutput

The SecretID to be created. If set, uses "Push" mode. Defaults to Vault auto-generating SecretIDs.

func (AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput 

func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutput() AuthBackendRoleSecretIdOutput

func (AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext 

func (o AuthBackendRoleSecretIdOutput) ToAuthBackendRoleSecretIdOutputWithContext(ctx context.Context) AuthBackendRoleSecretIdOutput

func (AuthBackendRoleSecretIdOutput) WithWrappedAccessor 

func (o AuthBackendRoleSecretIdOutput) WithWrappedAccessor() pulumi.BoolPtrOutput

Set to `true` to use the wrapped secret-id accessor as the resource ID. If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.

func (AuthBackendRoleSecretIdOutput) WrappingAccessor 

func (o AuthBackendRoleSecretIdOutput) WrappingAccessor() pulumi.StringOutput

The unique ID for the response-wrapped SecretID that can be safely logged.

func (AuthBackendRoleSecretIdOutput) WrappingToken 

func (o AuthBackendRoleSecretIdOutput) WrappingToken() pulumi.StringOutput

The token used to retrieve a response-wrapped SecretID.

func (AuthBackendRoleSecretIdOutput) WrappingTtl 

func (o AuthBackendRoleSecretIdOutput) WrappingTtl() pulumi.StringPtrOutput

If set, the SecretID response will be [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping) and available for the duration specified. Only a single unwrapping of the token is allowed.

type AuthBackendRoleSecretIdState 

type AuthBackendRoleSecretIdState struct {
	// The unique ID for this SecretID that can be safely logged.
	Accessor pulumi.StringPtrInput
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, specifies blocks of IP addresses which can
	// perform the login operation using this SecretID.
	CidrLists pulumi.StringArrayInput
	// A JSON-encoded string containing metadata in
	// key-value pairs to be set on tokens issued with this SecretID.
	Metadata pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The name of the role to create the SecretID for.
	RoleName pulumi.StringPtrInput
	// The SecretID to be created. If set, uses "Push"
	// mode.  Defaults to Vault auto-generating SecretIDs.
	SecretId pulumi.StringPtrInput
	// Set to `true` to use the wrapped secret-id accessor as the resource ID.
	// If `false` (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or
	// invalidated through unwrapping.
	WithWrappedAccessor pulumi.BoolPtrInput
	// The unique ID for the response-wrapped SecretID that can
	// be safely logged.
	WrappingAccessor pulumi.StringPtrInput
	// The token used to retrieve a response-wrapped SecretID.
	WrappingToken pulumi.StringPtrInput
	// If set, the SecretID response will be
	// [response-wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping)
	// and available for the duration specified. Only a single unwrapping of the
	// token is allowed.
	WrappingTtl pulumi.StringPtrInput
}

func (AuthBackendRoleSecretIdState) ElementType 

func (AuthBackendRoleSecretIdState) ElementType() reflect.Type

type AuthBackendRoleState 

type AuthBackendRoleState struct {
	// The unique name of the auth backend to configure.
	// Defaults to `approle`.
	Backend pulumi.StringPtrInput
	// Whether or not to require `secretId` to be
	// presented when logging in using this AppRole. Defaults to `true`.
	BindSecretId pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The RoleID of this role. If not specified, one will be
	// auto-generated.
	RoleId pulumi.StringPtrInput
	// The name of the role.
	RoleName pulumi.StringPtrInput
	// If set,
	// specifies blocks of IP addresses which can perform the login operation.
	SecretIdBoundCidrs pulumi.StringArrayInput
	// The number of times any particular SecretID
	// can be used to fetch a token from this AppRole, after which the SecretID will
	// expire. A value of zero will allow unlimited uses.
	SecretIdNumUses pulumi.IntPtrInput
	// The number of seconds after which any SecretID
	// expires.
	SecretIdTtl pulumi.IntPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The [maximum number](https://www.vaultproject.io/api-docs/auth/approle#token_num_uses)
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType 

func (AuthBackendRoleState) ElementType() reflect.Type

type GetAuthBackendRoleIdArgs 

type GetAuthBackendRoleIdArgs struct {
	// The unique name for the AppRole backend the role to
	// retrieve a RoleID for resides in. Defaults to "approle".
	Backend *string `pulumi:"backend"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured namespace.
	// *Available only for Vault Enterprise*.
	Namespace *string `pulumi:"namespace"`
	// The name of the role to retrieve the Role ID for.
	RoleName string `pulumi:"roleName"`
}

A collection of arguments for invoking getAuthBackendRoleId.

type GetAuthBackendRoleIdOutputArgs 

type GetAuthBackendRoleIdOutputArgs struct {
	// The unique name for the AppRole backend the role to
	// retrieve a RoleID for resides in. Defaults to "approle".
	Backend pulumi.StringPtrInput `pulumi:"backend"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured namespace.
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// The name of the role to retrieve the Role ID for.
	RoleName pulumi.StringInput `pulumi:"roleName"`
}

A collection of arguments for invoking getAuthBackendRoleId.

func (GetAuthBackendRoleIdOutputArgs) ElementType 

func (GetAuthBackendRoleIdOutputArgs) ElementType() reflect.Type

type GetAuthBackendRoleIdResult 

type GetAuthBackendRoleIdResult struct {
	Backend *string `pulumi:"backend"`
	// The provider-assigned unique ID for this managed resource.
	Id        string  `pulumi:"id"`
	Namespace *string `pulumi:"namespace"`
	// The RoleID of the role.
	RoleId   string `pulumi:"roleId"`
	RoleName string `pulumi:"roleName"`
}

A collection of values returned by getAuthBackendRoleId.

func GetAuthBackendRoleId 

func GetAuthBackendRoleId(ctx *pulumi.Context, args *GetAuthBackendRoleIdArgs, opts ...pulumi.InvokeOption) (*GetAuthBackendRoleIdResult, error)

Reads the Role ID of an AppRole from a Vault server.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/appRole"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		role, err := appRole.GetAuthBackendRoleId(ctx, &approle.GetAuthBackendRoleIdArgs{
			Backend:  pulumi.StringRef("my-approle-backend"),
			RoleName: "my-role",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("role-id", role.RoleId)
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type GetAuthBackendRoleIdResultOutput 

type GetAuthBackendRoleIdResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAuthBackendRoleId.

func GetAuthBackendRoleIdOutput 

func GetAuthBackendRoleIdOutput(ctx *pulumi.Context, args GetAuthBackendRoleIdOutputArgs, opts ...pulumi.InvokeOption) GetAuthBackendRoleIdResultOutput

func (GetAuthBackendRoleIdResultOutput) Backend 

func (o GetAuthBackendRoleIdResultOutput) Backend() pulumi.StringPtrOutput

func (GetAuthBackendRoleIdResultOutput) ElementType 

func (GetAuthBackendRoleIdResultOutput) ElementType() reflect.Type

func (GetAuthBackendRoleIdResultOutput) Id 

func (o GetAuthBackendRoleIdResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAuthBackendRoleIdResultOutput) Namespace 

func (o GetAuthBackendRoleIdResultOutput) Namespace() pulumi.StringPtrOutput

func (GetAuthBackendRoleIdResultOutput) RoleId 

func (o GetAuthBackendRoleIdResultOutput) RoleId() pulumi.StringOutput

The RoleID of the role.

func (GetAuthBackendRoleIdResultOutput) RoleName 

func (o GetAuthBackendRoleIdResultOutput) RoleName() pulumi.StringOutput

func (GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput 

func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutput() GetAuthBackendRoleIdResultOutput

func (GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext 

func (o GetAuthBackendRoleIdResultOutput) ToGetAuthBackendRoleIdResultOutputWithContext(ctx context.Context) GetAuthBackendRoleIdResultOutput

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.